Most malicious code lurks on US, UK servers

[Alpine]

NAUGHTY, MALICIOUS CODE is more likely to be hosted on servers in the US and UK than in elsewhere, according to research by insecurity firm, Finjan.


According to the bit of sniffing about conducted by the firm, ninety per cent of the URLs containing malicious code that were discovered resided on servers located in the US or UK.

"Our research shows that malicious content is much more likely to show up on a local server than one in Asia or Eastern Europe," said Yuval Ben-Itzhak, chief technology officer at Finjan. "Unfortunately this means that the traditional location-based reputation heuristics are decreasingly effective against modern attacks."

According to the firm, over 80 per cent of the malicious code detected was "obfuscated", making it virtually invisible to pattern-matching and signature-based methods used by anti-virus products.

Advertising is the leading category for URLs containing malicious code, representing 80 per cent of all instances. Finjan reckons web vandals have discovered that the multiple parties involved and the complex mix of relationships involved in online advertising make it relatively easy to inject malicious content into what seem legitimate ad delivery streams.

And Finjan found that malicious code is just as likely to be accessed through legitimate web sites as through what might be considered disreputable sites.

"The fact that malicious code is just as likely to be found in legitimate categories as in questionable categories means that security products that rely solely on URL categories to block access to malicious sites are no longer effective,' warned Ben-Itzhak. Naturally, folk at Finjan hope these revelations scare you into buying their software.

The INQuirer